Six percent of businesses experienced a direct ICT security attack resulting in loss or damage in the last two financial years, according to figures released by Stats NZ today.
The percentage of businesses that reported loss or damage from information and communications technology (ICT) security attacks, based on businesses with access to the internet, is at its lowest since 2014, following a peak of 15 percent in 2018.
“Businesses may have faced ICT security attacks that didn’t result in loss, or they had successfully prevented them,” business performance manager Ricky Ho said.
Of the businesses that experienced losses, 60 percent said that the method of attack was through malware, such as viruses and worms. This was followed by illegal access by a third party, such as hackers (42 percent).
Larger businesses (100 or more employees) were more likely to suffer an attack that resulted in a loss, 11 percent compared with 5 percent for smaller businesses (6 to 19 employees).
Downtime of service was the most common type of loss or damage, with 58 percent of all businesses who reported attacks having experienced this, down from 78 percent in 2020.
Overall, 90 percent of businesses reported having at least one type of ICT security measure in place, slightly lower than the 92 percent in both 2020 and 2018.
Of the 51 percent of businesses that reported purchasing cloud computing services, 59 percent purchased security software applications.
“It appears that businesses are very aware of security risks, and are taking measures against them,” Ho said.
The most common ICT security measures businesses had in place were virus checking or protection software that was regularly updated (86 percent), followed by firewalls (68 percent), and spam filters (67 percent).
The business operations survey reports on businesses with six or more employees.
Businesses were surveyed from August to November 2022. The survey included questions on business operations, ICT, price and wage setting, and business finance. Businesses are surveyed on ICT every two years, and about price and wage setting and business finance on a less frequent basis.